Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Getting Started with Elastic Stack 8.0
  • Toc
  • feedback
Getting Started with Elastic Stack 8.0

Getting Started with Elastic Stack 8.0

By : Asjad Athick
4.3 (9)
close
Getting Started with Elastic Stack 8.0

Getting Started with Elastic Stack 8.0

4.3 (9)
By: Asjad Athick

Overview of this book

The Elastic Stack helps you work with massive volumes of data to power use cases in the search, observability, and security solution areas. This three-part book starts with an introduction to the Elastic Stack with high-level commentary on the solutions the stack can be leveraged for. The second section focuses on each core component, giving you a detailed understanding of the component and the role it plays. You’ll start by working with Elasticsearch to ingest, search, analyze, and store data for your use cases. Next, you’ll look at Logstash, Beats, and Elastic Agent as components that can collect, transform, and load data. Later chapters help you use Kibana as an interface to consume Elastic solutions and interact with data on Elasticsearch. The last section explores the three main use cases offered on top of the Elastic Stack. You’ll start with a full-text search and look at real-world outcomes powered by search capabilities. Furthermore, you’ll learn how the stack can be used to monitor and observe large and complex IT environments. Finally, you’ll understand how to detect, prevent, and respond to security threats across your environment. The book ends by highlighting architecture best practices for successful Elastic Stack deployments. By the end of this book, you’ll be able to implement the Elastic Stack and derive value from it.
Table of Contents (18 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Core Components
Section 1: Core Components
Free Chapter
2
Chapter 1: Introduction to the Elastic Stack
Chapter 1: Introduction to the Elastic Stack
An overview of the Elastic Stack
A note about licensing
What is Elasticsearch?
Introducing Kibana
Collecting and ingesting data
Running the Elastic Stack
Solutions built on the stack
Summary
3
Chapter 2: Installing and Running the Elastic Stack
Chapter 2: Installing and Running the Elastic Stack
Technical requirements
Manual installation of the stack
Automating the installation
Using Elastic Cloud Enterprise (ECE) for orchestration
Running on Kubernetes
Configuration of your lab environment
Summary
4
Section 2: Working with the Elastic Stack
Section 2: Working with the Elastic Stack
5
Chapter 3: Indexing and Searching for Data
Chapter 3: Indexing and Searching for Data
Technical requirements
Understanding the internals of an Elasticsearch index
Elasticsearch nodes
Searching for data
Summary
6
Chapter 4: Leveraging Insights and Managing Data on Elasticsearch
Chapter 4: Leveraging Insights and Managing Data on Elasticsearch
Technical requirements
Getting insights from data using aggregations
Managing the life cycle of time series data
Manipulating incoming data with ingest pipelines
Responding to changing data with Watcher
Summary
7
Chapter 5: Running Machine Learning Jobs on Elasticsearch
Chapter 5: Running Machine Learning Jobs on Elasticsearch
Technical requirements
The value of running machine learning on Elasticsearch
Preparing data for machine learning jobs
Looking for anomalies in time series data
Running classification on data
Inferring against incoming data using machine learning
Summary
8
Chapter 6: Collecting and Shipping Data with Beats
chevron up
Chapter 6: Collecting and Shipping Data with Beats
Technical requirements
Introduction to Beats agents
Collecting logs using Filebeat
Using Metricbeat to monitor system and application metrics
Monitoring operating system audit data using Auditbeat
Monitoring the uptime and availability of services using Heartbeat
Collecting network traffic data using Packetbeat
Summary
9
Chapter 7: Using Logstash to Extract, Transform, and Load Data
Chapter 7: Using Logstash to Extract, Transform, and Load Data
Technical requirements
Introduction to Logstash
Looking at pipelines for real-world data-processing scenarios
Summary
10
Chapter 8: Interacting with Your Data on Kibana
Chapter 8: Interacting with Your Data on Kibana
Technical requirements
Getting up and running on Kibana
Visualizing data with dashboards
Creating data-driven presentations with Canvas
Working with geospatial datasets using Maps
Responding to changes in data with alerting
Summary
11
Chapter 9: Managing Data Onboarding with Elastic Agent
Chapter 9: Managing Data Onboarding with Elastic Agent
Technical requirements
Tackling the challenges in onboarding new data sources
Managing Elastic Agent at scale with Fleet
Setting up your environment
Summary
12
Section 3: Building Solutions with the Elastic Stack
Section 3: Building Solutions with the Elastic Stack
13
Chapter 10: Building Search Experiences Using the Elastic Stack
Chapter 10: Building Search Experiences Using the Elastic Stack
Technical requirements
An introduction to full-text searching
Implementing features to improve the search experience
Summary
14
Chapter 11: Observing Applications and Infrastructure Using the Elastic Stack
Chapter 11: Observing Applications and Infrastructure Using the Elastic Stack
Technical requirements
An introduction to observability
Observing your environment
Instrumenting your application performance
Summary
15
Chapter 12: Security Threat Detection and Response Using the Elastic Stack
Chapter 12: Security Threat Detection and Response Using the Elastic Stack
Technical requirements
Building security capability to protect your organization
Building a SIEM for your SOC
Leveraging endpoint detection and response in your SOC
Summary
16
Chapter 13: Architecting Workloads on the Elastic Stack
Chapter 13: Architecting Workloads on the Elastic Stack
Architecting workloads on Elastic Stack
Architectures to handle complex requirements
Implementing successful deployments of the Elastic Stack
Summary
Why subscribe?
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Monitoring operating system audit data using Auditbeat

While it is useful to monitor logs and metrics directly related to your workload, an important element of comprehensive visibility is monitoring configuration changes on the machine hosting your workload. Audit data derived from the operating system can indicate changes that may result in bugs or undesired behavior, non-compliance with security policies, or users making unauthorized changes.

Auditbeat leverages the Linux audit framework (auditd) to consistently and reliably collect audit/security-relevant data from hosts. The scope of data collection includes the following:

  • Linux kernel events related to unauthorized file access and remote access
  • Changes on critical files and file paths
  • Packages, processes, sockets, and user activity on the system

Data collection on auditd can be controlled using rules; curated rules can be found on openly available security hardening and best practice guides online.

...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 6
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete